Description
Enable require_secure_transport on MySQL flexible servers.
Rationaleβ
SSL connectivity provides an additional layer of security by connecting the database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between the database server and client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and application.
Auditβ
From Azure Portalβ
- Log in to Azure Portal using https://portal.azure.com.
- Go to
Azure Database for MySQL flexible servers. - For each database, under
Settings, clickServer parameters. - In the filter bar, type
require_secure_transport. - Ensure that the
VALUEforrequire_secure_transportisON.
From Azure CLIβ
Ensure the following command returns a value of on:
az mysql flexible-server parameter show \
--resource-group {{resource-group-name}} \
--server-name {{server-name}} \
--name require_secure_transport
From PowerShellβ
Ensure the following command returns a value of on:
Get-AzMySqlFlexibleServerConfiguration `
-ResourceGroupName {{resource-group-name}} `
-ServerName {{server-name}} `
-Name require_secure_transport
Default Valueβ
Azure Database for MySQL when provisioned through the Azure portal or CLI will require SSL connections by default.